From 9a804654f5e8588f039407aeaaaf24fd9f0062e5 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI <mounir.idrassi@idrix.fr>
Date: Thu, 2 Jul 2020 02:10:26 +0200
Subject: Windows: Don't allow to encrypt the system drive if it is already
 encrypted by BitLocker

---
 src/Common/BootEncryption.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src/Common/BootEncryption.cpp')

diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp
index 0a2afb12..502b4e06 100644
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@@ -5176,6 +5176,12 @@ namespace VeraCrypt
 		if (IsNonInstallMode())
 			throw ErrorException ("FEATURE_REQUIRES_INSTALLATION", SRC_POS);
 
+		/* check if the system drive is already encrypted by BitLocker */
+		wchar_t windowsDrive = (wchar_t) towupper (GetWindowsDirectory()[0]);
+		BitLockerEncryptionStatus bitLockerStatus = GetBitLockerEncryptionStatus (windowsDrive);
+		if (bitLockerStatus == BL_Status_Protected)
+			throw ErrorException ("SYSENC_BITLOCKER_CONFLICT", SRC_POS);
+
 		SystemDriveConfiguration config = GetSystemDriveConfiguration ();
 
 		if (SystemDriveIsDynamic())
-- 
cgit v1.2.3